In this post I will show how to build a highly-available load balancer with Nginx and keepalived. There are issues running keepalived on KVM VMs (multicast over the bridged interface) so I suggest you don’t do that. Here, we’re running on physical nodes, but VMware machines work fine too. The end result will be a high-performance, scalable load balancing solution which can be further extended (for example, to add SSL support).
First, a diagram indicating the proposed topology. All hosts are running CentOS 6.5 x86_64.
As you can see, there are four hosts. lb01 and lb02 will be running Nginx and keepalived and will form the highly-available load balancer. app01 and app02 will be simply running an Apache webserver for the purposes of this demonstration. www01 is the failover virtual IP address that will be used for accessing the web application on port 80. My local domain name is .local.
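A keepalived configuration for lb01 that matches the topology described above, given here as an added example and not taken from the original post. The interface name, virtual_router_id, priorities, password and the address used for the www01 VIP (a documentation-range placeholder) are all assumptions.

```conf
# /etc/keepalived/keepalived.conf on lb01 (added example, values are assumptions)

# Health check: exit status 0 while an nginx process exists.
vrrp_script chk_nginx {
    script "killall -0 nginx"
    interval 2          # run every 2 seconds
    weight -20          # on failure, lower this node's priority by 20
}

vrrp_instance VI_WWW01 {
    state MASTER        # lb02 uses: state BACKUP
    interface eth0      # assumed NIC name
    virtual_router_id 51    # assumed; must be identical on lb01 and lb02
    priority 101        # lb02 uses 100; 101 - 20 = 81 < 100, so a dead
                        # nginx on lb01 moves the VIP to lb02
    advert_int 1

    # VRRP adverts are multicast to 224.0.0.18 (IP protocol 112).
    # The host firewall on both nodes has to allow them, otherwise
    # each node believes it is alone and both claim the VIP.

    authentication {
        auth_type PASS
        # Placeholder. Only the first 8 characters are used and the value
        # is sent in cleartext, so it guards against misconfiguration,
        # not against a hostile host on the same segment.
        auth_pass CHANGEME
    }

    virtual_ipaddress {
        192.0.2.10      # placeholder for the www01 VIP
    }

    track_script {
        chk_nginx
    }
}
```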
This article will describe the process required to set up a highly-available SSL-enabled load balancer using HAProxy and keepalived to front a pair of Apache Tomcat instances.
The configuration will start off simple, and extend and grow as more functionality is added. First, a session-aware HAProxy load balancer is configured. Next, Tomcat clustering is configured with session replication and the responsibility for maintaining session state is moved to Tomcat. Then, keepalived is added – providing a failover IP between HAProxy instances running on two nodes. The solution is then fully HA. To complete the article, SSL support will be enabled by way of adding stunnel in front of the HAProxy instances, and a few cleanup tasks performed.
Faithful dolan and gooby will be used for this in my lab environment. Each of the servers is running CentOS 6.3 x86_64 and already has a Tomcat instance installed to /usr/local/tomcat7 (running as the tomcat user).
172.16.18.169 dolan www1.tokiwinter.com
172.16.18.172 gooby www2.tokiwinter.com
As you can see, I’ve also reserved an IP address for our floating IP (or Virtual IP – VIP).
The end goal is to have dolan and gooby both running Tomcat as before, also running their own HAProxy and stunnel instances but also running a failover VIP provided by